Impact
Medium
Details
Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
---|---|---|---|
CVE-2024-37126 | Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain of root-level access. | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
CVE-2024-37134 | Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access. | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
CVE-2024-37133 | Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain of root-level access. | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
CVE-2024-37132 | Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect privilege assignment vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service and Elevation of privileges. | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
CVE-2024-32854 | Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to privilege escalation. | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
CVE-2024-32852 | Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.0 contain use of a broken or risky cryptographic algorithm vulnerability. An unprivileged network malicious attacker could potentially exploit this vulnerability, leading to data leaks. | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
CVE-2024-32853 | Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.2 contain an execution with unnecessary privileges vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges. | 4.4 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L |
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
Affected Products and Remediation
CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
---|---|---|---|---|
CVE-2024-37134, CVE-2024-37133, CVE-2024-37132, CVE-2024-32854, CVE-2024-32852, CVE-2024-32853 | PowerScale OneFS | Version 8.2.2.x through 9.5.0.8 | Version 9.5.1.0 or later | PowerScale OneFS Downloads Area |
CVE-2024-37133 | PowerScale OneFS | Version 8.2.2.x through 9.4.0.17 | Version 9.4.0.18 or later | PowerScale OneFS Downloads Area |
CVE-2024-37126, CVE-2024-37134, CVE-2024-37133, CVE-2024-37132, CVE-2024-32854, CVE-2024-32852, CVE-2024-32853 | PowerScale OneFS | Version 8.2.2.x through 9.7.0.0 | Version 9.7.1.0 or later | PowerScale OneFS Downloads Area |
CVE-2024-37126, CVE-2024-37134, CVE-2024-37133, CVE-2024-37132, CVE-2024-32854, CVE-2024-32853 | PowerScale OneFS | Version 9.7.0.1 through 9.7.0.2 | Version 9.7.1.0 or later | PowerScale OneFS Downloads Area |
CVE-2024-37126, CVE-2024-37134, CVE-2024-37133, CVE-2024-37132, CVE-2024-32854 | PowerScale OneFS | Version 9.7.0.3 | Version 9.7.1.0 or later | PowerScale OneFS Downloads Area |
CVE-2024-37126, CVE-2024-37134, CVE-2024-37133, CVE-2024-37132, CVE-2024-32854 | PowerScale OneFS | Version 9.8.0.0 | Version 9.8.0.1 or later | PowerScale OneFS Downloads Area |
Note: Any version not listed in the Affected Products and Remediation section should upgrade PowerScale OneFS to version 9.7.1.0 or later.
Note: We encourage all customers to adopt the LTS 2024 version, 9.7.x code line, with the latest maintenance MR 9.7.1.0.
Revision History
Revision | Date | Description |
---|---|---|
1.0 | 2024-07-01 | Initial Release |
Related Information
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide